From mboxrd@z Thu Jan 1 00:00:00 1970
From: Zach Brown
Subject: Re: [KJ] [Patch] fs/ kzalloc conversions
Date: Fri, 24 Feb 2006 16:07:20 -0800
Message-ID: <43FF9FB8.9030808@oracle.com>
References: <1140772454.22453.1.camel@alice> <20060224111755.GA7801@mipter.zuzino.mipt.ru> <20060224152628.GO28587@parisc-linux.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Alexey Dobriyan, Eric Sesterhenn, kernel-janitors@lists.osdl.org, linux-fsdevel@vger.kernel.org
Return-path:
Received: from tetsuo.zabbo.net ([207.173.201.20]:17598 "EHLO tetsuo.zabbo.net") by vger.kernel.org with ESMTP id S964811AbWBYAH2 (ORCPT ); Fri, 24 Feb 2006 19:07:28 -0500
To: Matthew Wilcox
In-Reply-To: <20060224152628.GO28587@parisc-linux.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

> So the test isn't useless and we should use kcalloc here, otherwise an
> unthinking sysadmin can increment the aio_max_nr sysctl value to, let's
> say, 0x7fffffff. On a 32-bit machine, the multiplication will wrap,
> maybe turn into a small positive number, and we'll gleefully walk off
> the end of the array, corrupting data as we go.

nr_events isn't just limited by aio_max_nr, it's also clamped (oddly) by:

	/* Prevent overflows */
	if ((nr_events > (0x10000000U / sizeof(struct io_event)))
	    || (nr_events > (0x10000000U / sizeof(struct kiocb)))) {
		pr_debug("ENOMEM: nr_events too high\n");
		return ERR_PTR(-EINVAL);
	}

Does that put your mind at ease? (Barring reasonable unease at the
existence of confusing code :))

> And we should set the .extra1 and .extra2 values in the FS_AIO_MAX_NR
> clause of kernel/sysctl.c anyway. Does anyone have thoughts on what the
> *useful* range of this variable is?

Well, the tunable exists to cap the amount of kernel memory pinned in
event buffers. So some relation to the number of pages in the machine
wouldn't surprise me. I don't know what default portion would be
considered reasonable, though..

- z
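
The two points made in this exchange, the 32-bit multiplication wrap and the clamp that bounds nr_events before any multiplication happens, shown as a user-space C model. This is an added example, not code from the mail or from the kernel. It assumes uint32_t stands in for a 32-bit size_t, and the two struct sizes and the value 0x08000001 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes for illustration only; the real ones depend on kernel version and config. */
#define IO_EVENT_SIZE 32u  /* struct io_event: four 64-bit fields */
#define KIOCB_SIZE   128u  /* hypothetical sizeof(struct kiocb) */

/* n * size as a 32-bit size_t computes it: silently reduced modulo 2^32. */
uint32_t alloc_bytes_unchecked(uint32_t n, uint32_t size)
{
    return n * size;
}

/* kcalloc-style guard: refuse when n * size does not fit. Returns 0 on success, -1 on overflow. */
int alloc_bytes_checked(uint32_t n, uint32_t size, uint32_t *out)
{
    if (size != 0 && n > UINT32_MAX / size)
        return -1;
    *out = n * size;
    return 0;
}

/* The clamp quoted in the mail, with the assumed sizes: 1 = accepted, 0 = rejected. */
int aio_clamp_ok(uint32_t nr_events)
{
    if (nr_events > (0x10000000U / IO_EVENT_SIZE) ||
        nr_events > (0x10000000U / KIOCB_SIZE))
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: the 0x7fffffff from the mail, one that wraps to a tiny size, one in range. */
    uint32_t samples[] = { 0x7fffffffu, 0x08000001u, 0x00200000u };
    for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t n = samples[i], checked = 0;
        int rc = alloc_bytes_checked(n, IO_EVENT_SIZE, &checked);
        printf("nr_events=0x%08x unchecked=0x%08x checked=%s clamp=%s\n",
               (unsigned)n, (unsigned)alloc_bytes_unchecked(n, IO_EVENT_SIZE),
               rc ? "overflow" : "ok", aio_clamp_ok(n) ? "accepted" : "rejected");
    }
    return 0;
}
```

With these assumed sizes the largest nr_events the clamp accepts is 0x200000, and 0x200000 * 128 is exactly 0x10000000 bytes, so no value that passes the clamp can wrap the 32-bit product.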